On chip verification and consequent enablement of card os operation in smart cards

ABSTRACT

On Chip Smart Card verification of a cardholder using biometrics such as a fingerprint and consequent enablement of a card operating system, having an additional software layer boot prior to the commercial card operating system booting. This software layer, or boot loader, provides the drivers and functionality for the finger print sensor and on-card matching. If the cardholder is successfully authenticated, the unmodified commercial OS is then allowed to boot. If the cardholder does not authenticate with the boot loader then the card does not boot the card operating system and thus cannot be used for financial transactions.

BACKGROUND

1. Field of the Invention

The invention relates to biometric identification such as fingerprint verification. More particularly, the invention relates to a system for on chip verification and consequent enablement of card OS operation using smart cards.

2. Description of the Background

Smart cards are usually, although not necessarily, the size of a standard credit card, but contain some form of electrical circuitry, usually in the form of one or more integrated circuits (ICs). Simple smart cards may function only as a memory, but more complex ones include a Central Processing Unit (CPU), so as to be able to process data in various ways. This processing is often limited to controlling access to the memory in some way or other, to prevent unauthorized changes to the data stored there.

An example of a smart card is shown in FIG. 4, which shows a card 490 including a CPU 400 with a card operating system 410 and contacts 430 to connect to external readers and biometric sensors, for example.

Various operating systems have been implemented in smart cards having a CPU. Early smart card operating systems were dedicated to a single application for using the card, whereas later operating systems have been developed for multiple applications, and Java cards have also been developed, in which the Java operating system is employed so that applications could be portable between cards.

Smart cards have been used as credit cards, charge cards, and debit cards, as well as for access to mass transit and parking, to store health records, as identity badges, and for secure access to a Local Area Network (LAN), as well as in cellular phones and cable TV set-top boxes, amongst other applications. However, to date there has not been a viable commercial application of on card verification of a cardholder using biometrics such as a fingerprint. Present identity verification schemes generally either rely upon cryptography, or rely upon biometric identity verification that does not take place on the card itself.

Operating systems from commercial vendors such as Giesecke & Devrient GmbH (G&D) exist which have on-chip fingerprint matching, but an off-card reader scans the fingerprint. There are also companies such as Fidelica Microsystems, Inc. that provide on chip finger print sensors and verification, but they use a proprietary, experimental OS and not a commercial grade publicly available OS.

BRIEF SUMMARY

A method is provided for biometric authentication for a smart card, including bootstrap loading the smart card with an input/output operating system, checking whether a flag is set, reading biometric information of a user under control of the input/output operating system to authenticate the user if the flag is not set, setting the flag if the user is authenticated according to the biometric information, and loading the smart card with a card operating system if the flag is set, the card operating system being distinct from the input/output operating system.

In one embodiment, the reading of the biometric information of the user comprises reading a fingerprint of the user. In one embodiment, the reading of the fingerprint is performed by a fingerprint sensor integrated into the smart card. In another embodiment the reading of the biometric information of the user is performed by a sensor integrated into the smart card. The indication of whether the flag is set or not set may be done via a storage bit in a non-volatile random access memory, or alternatively, via a capacitor. In one embodiment, the flag may be cleared after a preset time delay.

In another embodiment of the present invention, a computer program product for biometric authentication of a smart card user is provided, the computer program product including a computer readable medium, having computer readable program code embodied in the computer readable medium, the computer readable program code including instructions to bootstrap load the smart card with an input/output operating system, instructions to check whether a flag is set, instructions to read biometric information of a user under control of the input/output operating system to authenticate the user if the flag is not set, instructions to set the flag if the user is authenticated according to the biometric information, and instructions to load the smart card with a card operating system if the flag is set, the card operating system being distinct from the input/output operating system.

In yet another embodiment of the present invention, a biometrically authenticated smart card is provided, including a central processing unit, a first media storing an input/output operating system to bootstrap load the smart card and control the central processing unit before a card operating system is loaded, storage for storing a flag, which is set by the central processing unit if a user is authenticated, a biometric information reader to authenticate a user under control of the input/output operating system if the flag is not set, and a second media storing a card operating system to be loaded into the smart card if the flag is set, the card operating system being distinct from the input/output operating system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows the architecture of a system according to a preferred embodiment of the invention.

FIG. 2 shows functional operation of the system according to FIG. 1.

FIG. 3 is a flowchart of a method according to the invention.

FIG. 4 shows a smart card according to the prior art.

DETAILED DESCRIPTION

The proposed system is a practical implementation of a system where existing fingerprint or other biometric technology can be integrated with an existing commercial operating system without extensive modifications to the operating system.

One problem that the Applicants have identified with the background art is that smart cards that have biometric identification capability, such as fingerprint identification, require the use of a separate fingerprint reader or biometric reader that is not part of the smart card itself. This limits the use of such smart cards, such that biometric identification is not possible when they are used with existing smart card readers that do not incorporate biometric identification hardware.

Another problem that the Applicants have identified with the background art is that on-chip fingerprint readers known in the art are not compatible with commonly available operating systems.

In one aspect of the invention a smart card is provided where a fingerprint reader or other biometric reader is integrated into the card itself. The biometric reader may also be, for example, a retinal scanner.

In another aspect of the invention a smart card is provided that is compatible with standard operating systems.

These and other aspects of the present invention may employ the system for on chip verification and consequent enablement of card OS operation using smart cards of the exemplary embodiment disclosed herein.

In a preferred embodiment, the system works by having an additional software layer ‘boot’, i.e. bootstrap load itself into a working memory, prior to the commercial card operating system booting. This software layer, or boot loader, provides the drivers and functionality for the finger print sensor and on-card matching. The boot loader will also be referred to as the input/output operating system, or IOS. If the cardholder is successfully authenticated, it then allows an unmodified commercial operating system to boot. Such a commercial operating system for smart cards is referred to herein as a card operating system, Card OS or COS. If the cardholder does not authenticate with the boot loader then the card does not boot the card operating system and thus cannot be used for financial transactions.

An advantage of the invention is the use of a monolithic CPU architecture as currently exists in smart cards. A single CPU is more practical since power and physical real estate are scarce on a smart card. A further advantage of the invention is the use of an existing, unmodified, card operating system. Modifications to the card operating system are expensive to construct and expensive to certify. Yet another advantage of the invention is that it provides a secure means to use a smartcard with biometric authentication with minimal development effort.

The invention will now be described in more detail by way of example with reference to the embodiments shown in the accompanying figures. It should be kept in mind that the following described embodiments are only presented by way of example and should not be construed as limiting the inventive concept to any particular physical configuration.

Further, if used and unless otherwise stated, the terms “upper,” “lower,” “front,” “back,” “over,” “under,” and similar such terms are not to be construed as limiting the invention to a particular orientation. Instead, these terms are used only on a relative basis.

The present invention is directed toward a system for on chip verification and consequent enablement of operation of a card operating system (Card OS) using smart cards.

FIG. 1 shows the architecture of a system according to a preferred embodiment of the invention.

In a preferred embodiment, the card 190 has one CPU 100 but two different operating systems: a conventional card operating system (COS) 110 obtained from a vendor and a custom built I/O (input/output) operating system (IOS) 120. The COS 110 is used to perform financial transactions in the case of a credit card smart card, communicating using known connection standards such as ISO 7816/10536/14443/15693 with a Point of Sale (POS) reader (not shown). COS 110 is preferably not modified, but is used in its existing form as obtained from the vendor. Contacts 130 comply with ISO 7816 in the exemplary embodiment shown. The IOS 120 is used to authenticate a user to the card using a user interface peripheral 180, which can include an on-card fingerprint sensor, or other biometric information reader. The card 190 has a battery 140 and clock 150 so that it can operate independently of a card reader. The card 190 uses storage 160 to hold a “card holder authenticated” flag, e.g. by storing a bit indicating if the flag is set. Storage 160 can be, for example, a non-volatile RAM (NVRAM), or a resistor/capacitor (RC) network set via a General purpose I/O (GPIO) pin.

FIG. 2 shows functional operation of the system according to FIG. 1.

The IOS 120 is always booted first when power is applied. Its purpose is to check if the card 190 is in a “card holder authenticated” mode by reading the status of the flag from storage 160. If the cardholder or user has not been authenticated, then the cardholder is prompted to authenticate using the peripheral 180, which can include an integral finger print sensor or other biometric sensor as previously noted. If the cardholder has already authenticated, the normal card operating system is allowed to boot. If the storage 160 used to hold the flag is an NVRAM, for example, the user can authenticate and then boot the Card OS 110 much later. If the flag is kept in a resistor/capacitor network, then the authentication is allowed to time-out after a given time, i.e. the flag is set by charging a capacitor, but the charge leaks away via a resistor, according to the time constant RC of the network as per well-known principles. Hence, the flag may be cleared, that is to say reset to a not set state, after a preset period of time.

FIG. 3 is a flowchart illustrating the method of the invention.

In step 300 the smart card boots to the IOS 120, then in step 310 the flag in storage 160 is checked. If step 310 detects that the flag is not set, then the method proceeds to read the user's biometric information in step 320, and in step 330 the biometric information is checked for a match. If the biometric information matches and the user is authenticated, then in step 340 the flag is set and then the method returns to step 310, and if not the method returns directly to step 310. If step 310 detects that the flag is set, then in step 350 the card OS is enabled to be loaded, although it may actually be loaded later, subject to a time-out time, and the flag is cleared. In step 360, the user selects a smart card application via the reader, and in step 370 the card is removed.
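The flag life cycle of FIG. 2 and the flowchart steps of FIG. 3, as an added C model that is not part of the patent's disclosure: storage 160 is modelled both as an NVRAM bit and as an RC network whose charge reads as "set" until it decays below half of full charge (elapsed time at most RC·ln 2), and on-card matching is replaced by a Hamming-distance comparison of 64-bit feature words, an assumption standing in for a real fingerprint matcher.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

/* Flag storage 160, modelled two ways (constructed assumptions): NVRAM
 * keeps the bit until it is cleared; the RC network reads as "set" only
 * while the capacitor charge, decaying as exp(-t/RC), is still above
 * half of full charge, i.e. while t <= RC * ln 2. */
typedef enum { STORE_NVRAM, STORE_RC } store_kind;
typedef struct {
    store_kind kind;
    bool set;          /* NVRAM bit, or "capacitor was charged" */
    double rc_seconds; /* RC time constant (STORE_RC only) */
    double set_time;   /* time at which the capacitor was last charged */
} flag_store;
#define LN2 0.6931

bool flag_is_set(const flag_store *s, double now) {
    if (!s->set) return false;
    if (s->kind == STORE_NVRAM) return true;
    return (now - s->set_time) <= s->rc_seconds * LN2; /* charge leaked? */
}
static void flag_set(flag_store *s, double now) { s->set = true; s->set_time = now; }
static void flag_clear(flag_store *s) { s->set = false; }

/* Stand-in for on-card matching (assumption, not the patent's matcher):
 * templates are 64-bit feature words; accept when at most 6 bits differ. */
#define MATCH_MAX_DISTANCE 6
bool template_matches(uint64_t enrolled, uint64_t sample) {
    uint64_t d = enrolled ^ sample;
    int bits = 0;
    while (d) { bits += (int)(d & 1u); d >>= 1; }
    return bits <= MATCH_MAX_DISTANCE;
}

/* Steps 310-340: the sensor is read only while the flag is clear; a NULL
 * sample means no finger was presented. Returns true if the flag is set. */
bool ios_authenticate(flag_store *s, uint64_t enrolled, const uint64_t *sample, double now) {
    if (flag_is_set(s, now)) return true;                              /* 310 */
    if (sample == NULL || !template_matches(enrolled, *sample)) return false; /* 320-330 */
    flag_set(s, now);                                                  /* 340 */
    return true;
}

/* Step 350: enable the unmodified Card OS only if the flag is set, and
 * clear it so that the next power-up needs a fresh authentication. */
bool ios_enable_cos(flag_store *s, double now) {
    if (!flag_is_set(s, now)) return false; /* stay in IOS; COS never loads */
    flag_clear(s);
    return true;
}
```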

It should be understood, however, that the invention is not necessarily limited to the specific process, arrangement, materials and components shown and described above, but may be susceptible to numerous variations within the scope of the invention. For example, although the above-described exemplary aspects of the invention are believed to be particularly well suited for smart cards, it is contemplated that the concepts of the present invention can be applied in other applications. For example, the concepts of the present application can be utilized whenever it is desired to verify biometric information before starting a computer operating system.

In addition, embodiments of the present invention may also be delivered as part of a service engagement with a corporation, nonprofit organization, government entity, internal organizational structure, or the like. Aspects of these embodiments may include designing, deploying, and configuring a computing system containing the systems and/or practicing the methods described herein. Further aspects of these embodiments may include analyzing the client's operations, creating recommendations responsive to the analysis, building systems that implement portions of the recommendations, integrating the systems into existing processes and infrastructure, metering use of the systems, allocating expenses to users of the systems, and billing for use of the systems.

It will be apparent to one skilled in the art that the manner of making and using the claimed invention has been adequately disclosed in the above-written description taken together with the drawings.

It will be understood that the above description of the preferred embodiments is susceptible to various modifications, changes and adaptations, and the same are intended to be comprehended within the meaning and range of equivalence of the appended claims.

CLAIMS

1. A method of biometric authentication for a smart card, comprising: bootstrap loading the smart card with an input/output operating system; checking whether a flag is set; reading biometric information of a user under control of the input/output operating system to authenticate the user if the flag is not set; setting the flag if the user is authenticated according to the biometric information; and loading the smart card with a card operating system if the flag is set, the card operating system being distinct from the input/output operating system.

2. The method according to claim 1, wherein reading the biometric information of the user comprises reading a fingerprint of the user.

3. The method according to claim 2, wherein reading the fingerprint is performed by a fingerprint sensor integrated into the smart card.

4. The method of claim 1, wherein reading the biometric information of the user is performed by a sensor integrated into the smart card.

5. The method of claim 1, comprising storing a bit, indicating whether the flag is set or not set, in a non-volatile random access memory.

6. The method of claim 1, comprising storing a bit, indicating whether the flag is set or not set, in a capacitor.

7. The method of claim 1, further comprising clearing the flag after a preset time delay.

8. A computer program product for biometric authentication of a smart card user, the computer program product comprising: a computer readable medium having computer readable program code embodied therewith, the computer readable program code including: instructions to bootstrap load the smart card with an input/output operating system; instructions to check whether a flag is set; instructions to read biometric information of a user under control of the input/output operating system to authenticate the user if the flag is not set; instructions to set the flag if the user is authenticated according to the biometric information; and instructions to load the smart card with a card operating system if the flag is set, the card operating system being distinct from the input/output operating system.

9. The computer program product according to claim 8, wherein the instructions to read the biometric information of the user comprise instructions to read a fingerprint of the user.

10. The computer program product according to claim 9, wherein the instructions to read the fingerprint cause a fingerprint sensor integrated into the smart card to operate.

11. The computer program product of claim 8, wherein the instructions to read the biometric information of the user cause a sensor integrated into the smart card to operate.

12. The computer program product of claim 8, comprising instructions to store a bit, indicating whether the flag is set or not set, in a non-volatile random access memory.

13. The computer program product of claim 8, comprising instructions to store a bit, indicating whether the flag is set or not set, in a capacitor.

14. A biometrically authenticated smart card, comprising: a central processing unit; first media storing an input/output operating system configured to bootstrap load the smart card and control the central processing unit before a card operating system is loaded; storage for storing a flag, which is set by the central processing unit if a user is authenticated; a biometric information reader configured to authenticate a user under control of the input/output operating system if the flag is not set; and second media storing a card operating system configured to be loaded into the smart card if the flag is set, the card operating system being distinct from the input/output operating system.

15. The smart card according to claim 14, wherein the biometric information reader is a fingerprint sensor.

16. The smart card according to claim 15, wherein the fingerprint sensor is the biometric information reader is.

17. The smart card of claim 14, wherein reading the biometric information reader is integrated into the smart card.

18. The smart card of claim 8, comprising a non-volatile random access memory configured to store a bit indicating whether the flag is set or not.

19. The smart card of claim 8, comprising a capacitor configured to store a bit indicating whether the flag is set or not.

20. The smart card of claim 19, wherein the capacitor is part of a network comprising a resistor, whereby the flag is cleared after a time delay determined by the time constant of the resistor and the capacitor.